//
// Your standard server-side xpc main
//
int main (int argc, char * const argv[])
{
const char *name = serviceName;
if (const char *s = getenv("SYSPOLICYNAME"))
name = s;
// extern char *optarg;
extern int optind;
int arg;
while ((arg = getopt(argc, argv, "v")) != -1)
switch (arg) {
case 'v':
break;
case '?':
usage();
}
if (optind < argc)
usage();
dispatch_queue_t queue = dispatch_queue_create("server", 0);
xpc_connection_t service = xpc_connection_create_mach_service(name, queue, XPC_CONNECTION_MACH_SERVICE_LISTENER /* | XPC_CONNECTION_MACH_SERVICE_PRIVILEGED */);
xpc_connection_set_event_handler(service, ^(xpc_object_t cmsg) {
if (xpc_get_type(cmsg) == XPC_TYPE_CONNECTION) {
xpc_connection_t connection = xpc_connection_t(cmsg);
syslog(LOG_DEBUG, "Connection from pid %d", xpc_connection_get_pid(connection));
xpc_connection_set_event_handler(connection, ^(xpc_object_t msg) {
if (xpc_get_type(msg) == XPC_TYPE_DICTIONARY) {
const char *function = xpc_dictionary_get_string(msg, "function");
syslog(LOG_DEBUG, "pid %d requested %s", xpc_connection_get_pid(connection), function);
xpc_object_t reply = xpc_dictionary_create_reply(msg);
try {
if (function == NULL) {
xpc_dictionary_set_int64(reply, "error", errSecCSInternalError);
} else if (!strcmp(function, "assess")) {
doAssess(msg, reply);
} else if (!strcmp(function, "update")) {
doUpdate(msg, reply);
} else if (!strcmp(function, "record")) {
doRecord(msg, reply, connection);
} else {
xpc_dictionary_set_int64(reply, "error", errSecCSInternalError);
}
} catch (...) {
xpc_dictionary_set_int64(reply, "error", errSecCSInternalError);
}
xpc_connection_send_message(connection, reply);
xpc_release(reply);
}
});
xpc_connection_resume(connection);
} else {
static void __XPC_Peer_Event_Handler(xpc_connection_t connection, xpc_object_t event) {
syslog(LOG_NOTICE, "Received event in helper.");
xpc_type_t type = xpc_get_type(event);
if (type == XPC_TYPE_ERROR) {
if (event == XPC_ERROR_CONNECTION_INVALID) {
// The client process on the other end of the connection has either
// crashed or cancelled the connection. After receiving this error,
// the connection is in an invalid state, and you do not need to
// call xpc_connection_cancel(). Just tear down any associated state
// here.
} else if (event == XPC_ERROR_TERMINATION_IMMINENT) {
// Handle per-connection termination cleanup.
}
} else {
xpc_object_t requestMessage = event;
xpc_object_t replyMessage = xpc_dictionary_create_reply(requestMessage);
// Process request and build a reply message.
__XPC_Fetch_Process_Request(requestMessage, replyMessage);
xpc_connection_send_message(connection, replyMessage);
xpc_release(replyMessage);
}
}
int
main(int argc, char *argv[])
{
xpc_connection_t conn;
if (argc < 2) {
fprintf(stderr, "Usage: %s <mach service name>\n", argv[0]);
return (1);
}
conn = xpc_connection_create_mach_service(argv[1], NULL,
XPC_CONNECTION_MACH_SERVICE_LISTENER);
xpc_connection_set_event_handler(conn, ^(xpc_object_t peer) {
printf("New connection, peer=%p\n", peer);
xpc_connection_set_event_handler(peer, ^(xpc_object_t event) {
if (event == XPC_ERROR_CONNECTION_INVALID) {
printf("Connection closed by remote end\n");
return;
}
if (xpc_get_type(event) != XPC_TYPE_DICTIONARY) {
printf("Received something else than a dictionary!\n");
return;
}
printf("Message received: %p\n", event);
printf("%s\n", xpc_copy_description(event));
xpc_object_t resp = xpc_dictionary_create(NULL, NULL, 0);
xpc_dictionary_set_string(resp, "foo", "bar");
xpc_connection_send_message(peer, resp);
});
CFErrorRef SecCreateCFErrorWithXPCObject(xpc_object_t xpc_error)
{
CFErrorRef result = NULL;
if (xpc_get_type(xpc_error) == XPC_TYPE_DICTIONARY) {
CFStringRef domain = NULL;
const char * domain_string = xpc_dictionary_get_string(xpc_error, kDomainKey);
if (domain_string != NULL) {
domain = CFStringCreateWithCString(kCFAllocatorDefault, domain_string, kCFStringEncodingUTF8);
} else {
domain = sSecXPCErrorDomain;
CFRetain(domain);
}
CFIndex code = (CFIndex) xpc_dictionary_get_int64(xpc_error, kCodeKey);
const char *description = xpc_dictionary_get_string(xpc_error, kDescriptionKey);
SecCFCreateErrorWithFormat(code, domain, NULL, &result, NULL, CFSTR("Remote error : %s"), description);
CFReleaseSafe(domain);
} else {
SecCFCreateErrorWithFormat(kSecXPCErrorUnexpectedType, sSecXPCErrorDomain, NULL, &result, NULL, CFSTR("Remote error not dictionary!: %@"), xpc_error);
}
return result;
}
static void xpcEventHandler(xpc_connection_t connection, xpc_object_t event)
{
syslog(LOG_NOTICE, "received event in helper");
xpc_type_t type = xpc_get_type(event);
if (type == XPC_TYPE_ERROR) {
if (event == XPC_ERROR_CONNECTION_INVALID) {
// the client process on the other end of the connection has either
// crashed or cancelled the connection. After receiving this error,
// the connection is in an invalid state, and you do not need to
// call xpc_connection_cancel(). Just tear down any associated state
// here.
}
else if (event == XPC_ERROR_TERMINATION_IMMINENT) {
// handle per-connection termination cleanup.
}
}
else {
xpc_connection_t remote = xpc_dictionary_get_remote_connection(event);
const char* command = xpc_dictionary_get_string(event, "request");
syslog(LOG_NOTICE, "received command in helper: %s", command);
system(command);
xpc_object_t reply = xpc_dictionary_create_reply(event);
xpc_dictionary_set_string(reply, "reply", "command has been executed");
xpc_connection_send_message(remote, reply);
xpc_release(reply);
}
}
__private_extern__
libSC_info_client_t *
libSC_info_client_create(dispatch_queue_t q,
const char *service_name,
const char *service_description)
{
xpc_connection_t c;
libSC_info_client_t *client;
#if !TARGET_IPHONE_SIMULATOR
const uint64_t flags = XPC_CONNECTION_MACH_SERVICE_PRIVILEGED;
#else // !TARGET_IPHONE_SIMULATOR
const uint64_t flags = 0;
#endif // !TARGET_IPHONE_SIMULATOR
if (_has_forked) {
return NULL;
}
client = malloc(sizeof(libSC_info_client_t));
client->active = TRUE;
client->service_description = strdup(service_description);
client->service_name = strdup(service_name);
c = xpc_connection_create_mach_service(service_name, q, flags);
xpc_connection_set_event_handler(c, ^(xpc_object_t xobj) {
xpc_type_t type;
type = xpc_get_type(xobj);
if (type == XPC_TYPE_DICTIONARY) {
asl_log(NULL, NULL, ASL_LEVEL_ERR, "%s: unexpected message", client->service_name);
log_xpc_object(" dict = ", xobj);
} else if (type == XPC_TYPE_ERROR) {
if (xobj == XPC_ERROR_CONNECTION_INVALID) {
asl_log(NULL, NULL, ASL_LEVEL_ERR, "%s: server not available", client->service_name);
client->active = FALSE;
} else if (xobj == XPC_ERROR_CONNECTION_INTERRUPTED) {
asl_log(NULL, NULL, ASL_LEVEL_DEBUG, "%s: server failed", client->service_name);
} else {
const char *desc;
desc = xpc_dictionary_get_string(xobj, XPC_ERROR_KEY_DESCRIPTION);
asl_log(NULL, NULL, ASL_LEVEL_DEBUG,
"%s: connection error: %d : %s",
client->service_name,
xpc_connection_get_pid(c),
desc);
}
} else {
asl_log(NULL, NULL, ASL_LEVEL_ERR,
"%s: unknown event type : %p",
client->service_name,
type);
}
});
int main(){
xpc_connection_t conn = xpc_connection_create_mach_service("com.apple.networkd", NULL, XPC_CONNECTION_MACH_SERVICE_PRIVILEGED);
xpc_connection_set_event_handler(conn, ^(xpc_object_t event) {
xpc_type_t t = xpc_get_type(event);
if (t == XPC_TYPE_ERROR){
printf("err: %s\n", xpc_dictionary_get_string(event, XPC_ERROR_KEY_DESCRIPTION));
}
printf("received an event\n");
});
int main(int argc, const char * argv[])
{
uint64_t action = 0;
OSStatus status = noErr;
uint8_t testkey[128] = "\xde\xad\xbe\xef\xde\xad\xbe\xef\xde\xad\xbe\xef\xde\xad\xbe\xef";
xpc_connection_t connection = xpc_connection_create_mach_service(SECURITYD_SERVICE_NAME, NULL, XPC_CONNECTION_MACH_SERVICE_PRIVILEGED);
xpc_object_t message = NULL, reply = NULL;
xpc_connection_set_event_handler(connection, ^(xpc_object_t event) {
if (xpc_get_type(event) == XPC_TYPE_ERROR) {
printf("XPC error\n");
}
});
static OSStatus sendTSARequestWithXPC(const unsigned char *tsaReq, size_t tsaReqLength, const unsigned char *tsaURL, unsigned char **tsaResp, size_t *tsaRespLength)
{
__block OSStatus result = noErr;
int timeoutInSeconds = 15;
extern xpc_object_t xpc_create_with_format(const char * format, ...);
dispatch_queue_t xpc_queue = dispatch_queue_create("com.apple.security.XPCTimeStampingService", DISPATCH_QUEUE_SERIAL);
__block dispatch_semaphore_t waitSemaphore = dispatch_semaphore_create(0);
dispatch_time_t finishTime = dispatch_time(DISPATCH_TIME_NOW, timeoutInSeconds * NSEC_PER_SEC);
xpc_connection_t con = xpc_connection_create("com.apple.security.XPCTimeStampingService", xpc_queue);
xpc_connection_set_event_handler(con, ^(xpc_object_t event) {
xpc_type_t xtype = xpc_get_type(event);
if (XPC_TYPE_ERROR == xtype)
{ tsaDebug("default: connection error: %s\n", xpc_dictionary_get_string(event, XPC_ERROR_KEY_DESCRIPTION)); }
else
{ tsaDebug("default: unexpected connection event %p\n", event); }
});
void send()
{
xpc_object_t reply = xpc_connection_send_message_with_reply_sync(service, obj);
xpc_release(obj);
obj = NULL;
xpc_type_t type = xpc_get_type(reply);
if (type == XPC_TYPE_DICTIONARY) {
obj = reply;
if (int64_t error = xpc_dictionary_get_int64(obj, "error"))
MacOSError::throwMe(error);
} else if (type == XPC_TYPE_ERROR) {
const char *s = xpc_copy_description(reply);
printf("Error returned: %s\n", s);
free((char*)s);
MacOSError::throwMe(errSecCSInternalError);
} else {
const char *s = xpc_copy_description(reply);
printf("Unexpected type of return object: %s\n", s);
free((char*)s);
}
}
static void
security_auth_peer_event_handler(xpc_connection_t connection, xpc_object_t event)
{
__block OSStatus status = errAuthorizationDenied;
connection_t conn = (connection_t)xpc_connection_get_context(connection);
require_action(conn != NULL, done, LOGE("xpc[%i]: process context not found", xpc_connection_get_pid(connection)));
CFRetainSafe(conn);
xpc_type_t type = xpc_get_type(event);
if (type == XPC_TYPE_ERROR) {
if (event == XPC_ERROR_CONNECTION_INVALID) {
// The client process on the other end of the connection has either
// crashed or cancelled the connection. After receiving this error,
// the connection is in an invalid state, and you do not need to
// call xpc_connection_cancel(). Just tear down any associated state
// here.
LOGV("xpc[%i]: client disconnected", xpc_connection_get_pid(connection));
connection_destory_agents(conn);
} else if (event == XPC_ERROR_TERMINATION_IMMINENT) {
// Handle per-connection termination cleanup.
LOGD("xpc[%i]: per-connection termination", xpc_connection_get_pid(connection));
}
} else {
assert(type == XPC_TYPE_DICTIONARY);
xpc_object_t reply = xpc_dictionary_create_reply(event);
require(reply != NULL, done);
uint64_t auth_type = xpc_dictionary_get_uint64(event, AUTH_XPC_TYPE);
LOGV("xpc[%i]: received message type=%llu", connection_get_pid(conn), auth_type);
switch (auth_type) {
case AUTHORIZATION_CREATE:
status = authorization_create(conn,event,reply);
break;
case AUTHORIZATION_CREATE_WITH_AUDIT_TOKEN:
status = authorization_create_with_audit_token(conn,event,reply);
break;
case AUTHORIZATION_FREE:
status = authorization_free(conn,event,reply);
break;
case AUTHORIZATION_COPY_RIGHTS:
status = authorization_copy_rights(conn,event,reply);
break;
case AUTHORIZATION_COPY_INFO:
status = authorization_copy_info(conn,event,reply);
break;
case AUTHORIZATION_MAKE_EXTERNAL_FORM:
status = authorization_make_external_form(conn,event,reply);
break;
case AUTHORIZATION_CREATE_FROM_EXTERNAL_FORM:
status = authorization_create_from_external_form(conn,event,reply);
break;
case AUTHORIZATION_RIGHT_GET:
status = authorization_right_get(conn,event,reply);
break;
case AUTHORIZATION_RIGHT_SET:
status = authorization_right_set(conn,event,reply);
break;
case AUTHORIZATION_RIGHT_REMOVE:
status = authorization_right_remove(conn,event,reply);
break;
case SESSION_SET_USER_PREFERENCES:
status = session_set_user_preferences(conn,event,reply);
break;
case AUTHORIZATION_DISMISS:
connection_destory_agents(conn);
status = errAuthorizationSuccess;
break;
case AUTHORIZATION_ENABLE_SMARTCARD:
status = authorization_enable_smartcard(conn,event,reply);
break;
case AUTHORIZATION_SETUP:
{
mach_port_t bootstrap = xpc_dictionary_copy_mach_send(event, AUTH_XPC_BOOTSTRAP);
if (!process_set_bootstrap(connection_get_process(conn), bootstrap)) {
if (bootstrap != MACH_PORT_NULL) {
mach_port_deallocate(mach_task_self(), bootstrap);
}
}
}
status = errAuthorizationSuccess;
break;
#if DEBUG
case AUTHORIZATION_DEV:
server_dev();
break;
#endif
default:
break;
}
xpc_dictionary_set_int64(reply, AUTH_XPC_STATUS, status);
xpc_connection_send_message(connection, reply);
xpc_release(reply);
}
done:
CFReleaseSafe(conn);
}
